By this amendment, claims 1-20 are pending, in which claims 1, 2, 5, 11-14, and 16 are 
currently amended, claims 17-20 are newly presented, and no claims are canceled or withdrawn. 
No new matter is introduced. 

The Office Action mailed September 23, 2004 provisionally rejected all pending claims 
under the judicially created doctrine of obviousness-type double patenting as being unpatentable 
over claims 1-16 of commonly owned Devine et al (US 6,598,167). 

In response to the rejection, a terminal disclaimer in compliance with 37 C.F.R. §1.321 is 
submitted herewith, thereby rendering the rejection moot. 

Further, the Office Action mailed September 23, 2004 objected to claims 1, 2, and 5 and 
rejected claims 1, 7, and 8 as obvious under 35 U.S.C. § 103(a) based on Crichton et al (US 
6,104,716) in view of Shin et al (US 5,987,134), claims 2, 5, and 9 as obvious under 35 U.S.C. § 
103(a) based on Crichton et al in view of Shin et al and further in view of Shambroom (US 
5,923,756), and claims 3, 4, and 6 as obvious under 35 U.S.C. § 103(a) based on Crichton et al 
in view of Shin et al and further in view of Shi et al (US 5,875,296). Claim 10 was objected to 
as dependent upon a rejected base claim, but was indicated as allowable if rewritten. Claims 11- 
16 were indicated as allowed over the prior art upon submission and entry of a terminal 
disclaimer. 

Applicants acknowledge with gratitude the indication that claims 11-16 are allowed, and 
the indication of allowable subject matter in claim 10. 

Applicants have amended the first paragraph of the specification in accordance with the 
Preliminary Amendment which was filed with the present application. 

Claims 1, 2, and 5 have been amended as required by the Office Action, and claims 5, 11- 
14, and 16 have been amended to resolve observed informalities. 

Applicants respectfully traverse the remaining rejections of the claims, as none of the 
applied references, alone or in combination, suggest or disclose a "dispatcher server providing 
verification of system access after customer entitlements have been verified," as recited at least 
by independent claim 1. 

By contrast, Crichton et al (per Abstract) is directed to a lightweight secure tunneling 
protocol that permits communicating across one or more firewalls by using a middle server or 
proxy. Three proxies are used to establish an end-to-end connection that navigates through the 
firewalls. A middle proxy, outside two firewalls, is started before two end proxies (server and 
client), which are located inside respective server and client firewalls. The two end proxies 
connect to the middle proxy to establish a complete end-to-end connection. 

The Lightweight Secure Tunneling Protocol of Crichton et al includes sequencing rules 
for requests and responses used for transferring data between and synchronizing the states of the 
proxies that include a CONNECTION_REQUEST, described as allowing one end proxy to 
notify the other end proxy that a client application is requesting tunnel resources to be allocated 
for use by the client application, and a CONNECTION_ACK or CONNECTION_NACK which 
allows the receiving proxy to either accept or deny the request for tunnel resources (col. 6: 66 - 
col. 7: 9). The Office Action (p. 5) correctly acknowledges that "The teachings of Crichton et al 
are silent in disclosing use the use [sic] of verifying customer entitlements." 

The Office Action (p. 5) then contends that Shin et al discloses "verifying user access 
rights (customer entitlements) prior to permitting access to resources (col. 5, lines 29-33)." 
Shin et al (per Abstract) is directed to a device for authenticating user's access rights to 
resources. The resources may include emails, files, computer resources, and execution of 
applications (per col. 5: 1-3). Shin et al discusses use of an access ticket which is used to verify 
legitimacy of a response from a user to authenticate access rights of a user to permit continuation 
of execution of a program, access to files, and so forth (col. 5: 12-33). The Office Action states: 

It would have been obvious to a person of ordinary skill in the art at the 
time of the invention to have been motivated to protect resources by verifying user 
entitlements making the user provide their rights to use resources. Shin et al 
recites motivation for the use of verifying user rights by disclosing that 
unauthorized users can gain access to protected resources and there exists a need 
to protect the resources by verifying the legitimacy of the user's request (col. 2, 
lines 6-13). By verifying the user's entitlements, it is obvious that the teachings of 
Crichton et al would have allowed its resources to only be granted to authorized 
users based on their entitlements. 



However, as introduced in its "Background Description" section and reasserted in col. 4: 
1-9, Crichton et al states (emphasis added): 

Often, an employee inside an organization wants to allow an "outside" 
client application to address an "inside" server; e.g., to allow the client application 
running on client 142 to address the server application running on server 111 in 
FIG. 3. In this case, the employee trusts the outside client application and 
wishes to bypass the controls put in place on their company's firewall that 
prevent the trusted outside client from addressing the inside server. This invention 
provides a solution for this situation. 

Additionally, Crichton et al states (col. 5: 1-8, emphasis added): 

The triggers for the end proxies 213 and 223 to initiate a connection to 
the middle proxy 26 is manually controlled by someone who has access to the 
computer where the end proxies 213 and 223 are running. The end proxies 213 
and 223 can establish a connection to the middle proxy 26 anytime after the 
middle proxy is started. The middle proxy 26 will receive and store the setup 
information sent to it by the first connecting end proxy. 

Once the connection is established among the three proxies, neither the client nor the 
server has any indication that they are not talking directly to each other (col. 5: 17-27). Thus, 
the connection, or "system access" is established as a result of manual controls at the end 
proxies, which have nothing to do with verifying "customer entitlements." It further makes no 
sense, other than adding additional complexity to the system, to add verification of user access 
rights to the CONNECTION_ACK decision of Crichton et al. If a proposed modification would 
render the prior art being modified unsatisfactory for its intended purpose, then there is no 
suggestion or motivation to make the proposed modification. In re Gordon, 733 F.2d 900, 221 
USPQ 1125 (Fed. Cir. 1984). If the proposed modification or combination of the prior art would 
change the principle of operation of the prior art invention being modified, then the teachings of 
the references are not sufficient to render the claims prima facie obvious. In re Ratti, 270 F.2d 
810, 123 USPQ 349 (CCPA 1959). MPEP § 2143.01. Thus, "said dispatcher server providing 
verification of system access after customer entitlements have been verified" is not disclosed 
or suggested by either Crichton et al, Shin et al, or any reasonable combination thereof. 

Further, a stated "object" of Crichton et al (col. 2: 19-22, emphasis added) is "to provide a way 
to establish secure tunnels through firewalls without changes to the existing firewall software 
or firewall configuration." It is improper to combine references where the references teach 
away from their combination. In re Grasselli, 713 F.2d 731, 218 USPQ 769 (Fed. Cir. 1983). A 
prior art reference must be considered in its entirety including portions that would lead away 
from the claimed invention. W.L. Gore & Associates, Inc. v. Garlock, Inc., 721 F.2d 1540, 220 
USPQ 303 (Fed. Cir. 1983), cert. denied, 469 U.S. 851 (1984). Thus, there is no motivation to 
combine Crichton et al and Shin et al as suggested by the Office Action, as further changes add 
further complexity to the system, potentially requiring changes to the firewall configuration of 
Crichton et al. Therefore, the rejection of independent claim 1, and its corresponding dependent 
claims 7 and 8, should be withdrawn. 

With respect to the remaining obviousness rejections, the addition of Shambroom and 
Shi et al does not cure the deficiencies of Crichton et al and Shin et al. The secondary reference 
of Shambroom is applied for a supposed teaching of the use of digital certificates for 
authentication in SSL from one party to another (Office Action, page 6). Shi et al is cited as 
supposedly teaching the generation of cookies that are to be used by a client (Office Action, page 
7). Accordingly, the various obviousness rejections are unsustainable, and thus, the rejection of 
dependent claims 2-6 and 9 should also be withdrawn. 

New dependent claim 17 recites, "at least one digital certificate for authenticating said 
secure web server to a plurality of client web browsers that enable interactive secure 
communications with said security system and provide an integrated interface for said customer, 
each of said web browsers supporting client identification, client authentication and secure 
sockets layer communications protocol." New dependent claim 18 recites, "said client web 
browser secure socket layer encrypts client identification, authentication and a session 
management cookie during each transmission." New dependent claim 19 recites, "a first 
encryption algorithm for transmission of all customer data between said secure web server and 
said client browser for transmission of all customer data between said secure web server and said 
dispatcher server and a second encryption algorithm." New dependent claim 20 recites, "each 
client request from said web browser is encrypted with a public key provided by said 
communications network, and each of said client requests includes an encrypted client cookie for 
client authentication." For reasons similar to those discussed above with regard to claim 1, 
Applicants respectfully submit that the features of claims 17-20 are neither suggested nor 
disclosed by the applied references. Thus, it is believed that claims 17-20 are allowable over the 
applied references. 

Therefore, the present application, as amended, overcomes the objections and rejections 
of record and is in condition for allowance. Favorable consideration is respectfully requested. If 
any unresolved issues remain, it is respectfully requested that the Examiner telephone the 
undersigned attorney at (703) 425-8508 so that such issues may be resolved as expeditiously as 
possible. 

Respectfully Submitted, 
DITTHAVONG & CARLSON, P.C. 